ADVERTISEMENT

Getting started with CORS (Cross-Origin Resource Sharing)

CORS or Cross-Origin Resource Sharing is a mechanism used to pass or share data between web servers. Essentially it is a policy containing a set of HTTP response headers.

Why CORS..?

The reason for CORS is stright forward. Lets say you wanted to access data sitting one Server A from your new shiny webapp hosted in the cloud (Server B). In an effort to prevent cross-site scripting your web browser has a built-in protocol called the same origin policy that prevents external access to data, limiting the communication between your two servers.

This problem is primarily prevalent when using Javascript to make AJAX requests for data across domains.Utilyzing CORS however server A could be configured to accept external requests from ALL or specific external servers.

Making a CORS Request

To allow CORS on server A running Apache we would add the following to the .htaccess file: